US cyber security may draft ISPs in spy game

R. A. Hettinga rah at shipwright.com
Wed Jun 19 11:33:21 EDT 2002


http://www.theregister.co.uk/content/55/25781.html


  19 June 2002
  Updated: 04:33 GMT
------------------------------------------------------------------------
US cyber security may draft ISPs in spy game
By Kevin Poulsen, SecurityFocus Online
Posted: 19/06/2002 at 04:32 GMT


An early draft of the White House's National Strategy to Secure Cyberspace
envisions the same kind of mandatory customer data collection and retention
by U.S. Internet service providers as was recently enacted in Europe,
according to sources who have reviewed portions of the plan.

In recent weeks, the administration has begun doling out bits and pieces of
a draft of the strategy to technology industry members and advocacy groups.
A federal data retention law is suggested briefly in a section drafted in
part by the U.S. Justice Department.

The comprehensive strategy is being assembled by the President's Critical
Infrastructure Protection Board, headed by cyber security czar Richard
Clarke, and is intended as a collaborative road map for further action by
government agencies, private industry, and Congress.

While not binding, proposals that find their way into the final version of
the National Strategy would likely have added weight in Congress, and could
lead to legislation.

A controversial directive passed by the European Parliament last month
allows the 15 European Union member countries to force ISPs to collect and
keep detailed logs of each customer's traffic, so that law enforcement
agencies could access it later.

Data to be gathered under the European plan includes the headers (from, to,
cc and subject lines) of every e-mail each customer sends or receives, and
every user's complete Web browsing history. The period of time that the
data will have to be retained is up to each member country; specific
legislative proposals range from 12 months to seven years, according to
Cedric Laurant, a policy analyst at the Electronic Privacy Information
Center (EPIC), which opposed the directive.

"Somebody could see their past for the last seven years be completely
open," says Laurant, speaking of the European directive. "It violates
freedom of speech and the basic principle of the presumption of innocence."

The draft of the U.S. plan does not specify how much data ISPs would be
forced to collect, or how long they would have to store it. The White House
did not return phone calls on the strategy, which is scheduled for release
in September.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list